Open Security Controls Assessment Language (OSCAL): Lunch with the OSCAL Developers



SLIDE 1

Open Security Controls Assessment Language (OSCAL)

Lunch with the OSCAL Developers

David Waltermire
National Institute of Standards and Technology

SLIDE 2

Teleconference Overview

- Ground Rules
- OSCAL Status Summary (5 minutes)
- Issues Needing Help from the Community
- Question and Answer / Discussion
  - Submitted questions will be discussed
  - The floor will be open for new questions and live discussion

SLIDE 3

OSCAL Lunch with the Developers

Purpose:

- Facilitate an open, ongoing dialog with the OSCAL developer and user communities to promote increased use of the OSCAL models

Goals:

- Provide up-to-date status of the OSCAL project development activities
- Answer questions about implementing and using the OSCAL models, and around development of OSCAL model-based content
- Review development priorities and adjust priorities based on community input
- Help the OSCAL community identify development needs

SLIDE 4

Ground Rules

- Keep the discussion respectful
  - Using welcoming and inclusive language
  - Being respectful of differing viewpoints and experiences
  - Gracefully accepting constructive criticism
  - Focusing on what is best for the community
  - Wait for one speaker to finish before speaking - one speaker at a time
- Speak from your own experience instead of generalizing ("I" instead of "they," "we," and "you").
- Do not be afraid to respectfully challenge one another by asking questions -- focus on ideas.
- The goal is not always to agree -- it is to gain a deeper understanding.

SLIDE 5

OSCAL Version 1 Milestones

| Milestone | Focus | Sprints | Status | Date |
|---|---|---|---|---|
| Milestone 1 | Catalog and Profile Models | 1 to 21 | Completed | 6/15/2019 |
| Milestone 2 | System Security Plan (SSP) Model | 6 to 23 | Completed | 10/1/2019 |
| Milestone 3 | Component Definition Model | 6 to ~30 | In Progress | May 2020 |
| Release Candidates | Provide a web-based specification / Model Improvements | 24 to ~33 | In Progress | ~August 2020 |
| Full Release | Based on Community Feedback | 34 to 36 | Planned | End of 2020 |
| Ongoing Maintenance | Minor and bugfix releases as needed | Additional Sprints | Planned | Ongoing |

Current Sprint: 30 (https://github.com/usnistgov/OSCAL/projects/29)

SLIDE 6

Review of Current/Completed Work

On GitHub: https://github.com/usnistgov/OSCAL

SLIDE 7

Three New OSCAL Models

- POA&M
  - Based on FedRAMP POA&M
- Assessment Results
  - Based on FedRAMP Security Assessment Report (SAR)
- Assessment Plan
  - Based on FedRAMP Security Assessment Plan (SAP)

SLIDE 8

Help Needed

Please review pull requests and comment on issues you are interested in.

SLIDE 9

Establishing a reoccurring meeting to discuss model updates/enhancements

- Sent a Doodle poll to oscal-dev@nist.gov
- Responses indicate that Fridays @ 10AM EDT – 11AM EDT are best
- Started hosting this meeting every other Friday on 5/15. Next meeting on 5/29. Sent a meeting invite out to oscal-dev@nist.gov for this meeting. The website will be updated soon as well with details.

SLIDE 10

Open Floor

What would you like to discuss?
What questions do you have?

SLIDE 11

Thank you

Next Lunch with Devs: June 4th, 2020 12:00 Noon EDT (4:00 PM UTC)
OSCAL Repository: https://github.com/usnistgov/OSCAL
Project Website: https://www.nist.gov/oscal
How to Contribute: https://pages.nist.gov/OSCAL/contribute/
Contact Us: oscal@nist.gov